Fedora Core 3 : perl-5.8.5-14.FC3 (2005-600)
Paul Szabo discovered another vulnerability in the File::Path::rmtree function of perl, the popular scripting language. When a process is deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write...
Intruder Client 1.00 - Remote Command Execution Denial of Service
Intruder Client 1.00 - Remote Command Execution Denial of Service #!/usr/bin/perl Intruder Command Execution DOS Exploit -------------------------------------- Infam0us Gr0up - Securiti Research ? Version: libwww-perl-5.76 + Connecting to 127.0.0.1.. + Connected + Backup for files..DONE + Build...
CVE-2002-1990
Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet...
FreeBSD : perl -- File::Path insecure file/directory permissions (c418d472-6bd1-11d9-93ca-000a95bc6fae)
Jeroen van Wolffelaar reports that the Perl module File::Path contains a race condition wherein traversed directories and files are temporarily made world-readable/writable.
CVE-2005-1688
WordPress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message...
CVE-2005-1616
viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid (1) id or possibly (2) postorder parameter, which reveals the path in an error message when a file cannot be opened...
DEBIAN-CVE-2005-0448
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452...
ARPUSCe - Local Overflow (setuid) (Perl)
ARPUSCe - Local Overflow (setuid) (Perl) #!/usr/bin/perl -w Setuid ARPUS/ce exploit by KF - kflistsatdigitalmunitiondotcom - 4/21/05 Copyright Kevin Finisterre kfinisterre@threat:/tmp$ ./ceex.pl sh-2.05b id uid=0(root) gid=1000(kfinisterre) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),1000(kfinisterre)...
Debian DSA-696-1 : perl - design flaw
Paul Szabo discovered another vulnerability in the File::Path::rmtree function of perl, the popular scripting language. When a process is deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write...
DSA-696-1 perl - design flaw
Bulletin has no description...
USN-94-1: Perl vulnerability
Paul Szabo discovered another vulnerability in the rmtree function in File::Path.pm. While a process running as root or another user was busy deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had...
security flaw
Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack...
CVE-2004-1064
The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute...
CVE-2004-0452
Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack...
perl -- File::Path insecure file/directory permissions
Jeroen van Wolffelaar reports that the Perl module File::Path contains a race condition wherein traversed directories and files are temporarily made world-readable/writable...
[SA13643] Perl "File::Path::rmtree" Race Condition
TITLE: Perl "File::Path::rmtree" Race Condition SECUNIA ADVISORY ID: SA13643 VERIFY ADVISORY: http://secunia.com/advisories/13643/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Perl 5.x http://secunia.com/product/2647/ DESCRIPTION: Paul Szabo has reported a...